src/Security/ApiAdminAuthenticator.php line 27

Open in your IDE?
  1. <?php
  2. namespace App\Security;
  4. use Symfony\Component\HttpFoundation\JsonResponse;
  5. use Symfony\Component\HttpFoundation\Request;
  6. use Symfony\Component\HttpFoundation\Response;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  9. use Symfony\Component\Security\Core\Exception\CustomUserMessageAuthenticationException;
  10. use Symfony\Component\Security\Http\Authenticator\AbstractAuthenticator;
  11. use Symfony\Component\Security\Http\Authenticator\Passport\Badge\UserBadge;
  12. use Symfony\Component\Security\Http\Authenticator\Passport\Passport;
  13. use Symfony\Component\Security\Http\Authenticator\Passport\SelfValidatingPassport;
  14. use App\Entity\Admin;
  15. use Doctrine\ORM\EntityManagerInterface;
  16. use Symfony\Component\Security\Http\Authenticator\Passport\Credentials\CustomCredentials;
  17. use Symfony\Component\Security\Core\User\UserInterface;
  18. use Symfony\Component\HttpFoundation\RedirectResponse;
  19. use Symfony\Component\Routing\RouterInterface;
  20. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  21. use Symfony\Component\Security\Core\Security;
  24. /**
  25.  * 使用这个验证访问权限  暂时无法使用rememberme功能(可改造)
  26.  */
  27. class ApiAdminAuthenticator extends AbstractAuthenticator
  28. {
  29.     public function __construct(
  30.         protected EntityManagerInterface $entityManager,
  31.         protected Security $security,
  32.         protected AuthorizationCheckerInterface $authChecker,
  33.         protected RouterInterface $router,
  34.     ) {}
  35.     /**
  36.      * Called on every request to decide if this authenticator should be
  37.      * used for the request. Returning `false` will cause this authenticator
  38.      * to be skipped.
  39.      */
  40.     public function supports(Request $request): ?bool
  41.     {
  42.         return === strpos($request->attributes->get('_route'), 'admin_auth');
  43.     }
  45.     public function authenticate(Request $request): Passport
  46.     {  
  47.         $admin $this->security->getUser();
  48.         if (!$admin) throw new CustomUserMessageAuthenticationException('请重新登陆系统123', ['code'=>-1]);
  49.         ////此处验证api是否用访问权限             
  50.         $router $request->attributes->get('_route');      
  51.         $isAuth $this->authChecker->isGranted($router);
  52.         if(!$isAuth && $admin->getUsername() !== 'admin') throw new CustomUserMessageAuthenticationException('没有访问权限', ['code'=>1]);  
  53.         return new SelfValidatingPassport(new UserBadge($admin->getUsername()));
  54.     }
  56.     public function onAuthenticationSuccess(Request $requestTokenInterface $tokenstring $firewallName): ?Response
  57.     {
  58.         // on success, let the request continue
  59.         return null;
  60.     }
  62.     public function onAuthenticationFailure(Request $requestAuthenticationException $exception): ?Response
  63.     {
  64.         if ($request->isXmlHttpRequest()) {  
  65.             $data = [
  66.                 // you may want to customize or obfuscate the message first
  67.                 'code'  => $exception->getMessageData()['code'] ?? -1,
  68.                 'message' => strtr($exception->getMessageKey(), $exception->getMessageData())
  69.             ];
  70.     
  71.             return new JsonResponse($dataResponse::HTTP_UNAUTHORIZED);             
  72.         }
  73.         $request->getSession()->getFlashBag()->add('alert'strtr($exception->getMessageKey(), $exception->getMessageData()));
  74.         if ($exception->getMessageData()['code'] === -1) return new RedirectResponse($this->router->generate('admin.login'));        
  75.         throw new \Exception(strtr($exception->getMessageKey(), $exception->getMessageData()));  
  76.     }
  77. }